| Summary: | Allow login to a role using Hostbased auth on platforms supporting PAM_AUSER | | |
|---|---|---|---|
| Product: | Portable OpenSSH | Reporter: | Tomas Kuthan <tomas.kuthan> |
| Component: | PAM support | Assignee: | Assigned to nobody <unassigned-bugs> |
| Status: | NEW --- | | |
| Severity: | enhancement | CC: | tomas.kuthan |
| Priority: | P5 | | |
| Version: | 6.8p1 | | |
| Hardware: | SPARC | | |
| OS: | Solaris | | |
Description
Tomas Kuthan
2015-04-13 23:14:19 AEST
Created attachment 2582
patch implementing login to a role
Steps to reproduce/test
----
On the server:
echo 'HostBasedAuthentication yes' >>/etc/ssh/sshd_config
echo 'IgnoreRhosts no' >>/etc/ssh/sshd_config
svcadm restart ssh
roleadd -m testrole
useradd -m -R testrole testuser
cat >/etc/pam.d/sshd-hostbased <<EOF
auth definitive pam_user_policy.so.1
auth requisite pam_authtok_get.so.1
auth required pam_dhkeys.so.1
auth required pam_unix_auth.so.1
auth required pam_unix_cred.so.1
account requisite pam_roles.so.1 allow_remote debug
account definitive pam_user_policy.so.1
account required pam_unix_account.so.1
account required pam_tsol_account.so.1
session definitive pam_user_policy.so.1
session required pam_unix_session.so.1
@ password definitive pam_user_policy.so.1
@ password include pam_authtok_common
@ password required pam_authtok_store.so.1
EOF
su - testrole
echo '192.168.0.1 testuser' >.shosts
ssh testuser@192.168.0.1 # to populate known_hosts
^D

On the client:
echo 'EnableSSHKeysign yes' >>/etc/ssh/ssh_config
useradd -m testuser
su - testuser
ssh testrole@serverb.tkuthan.oracle.com
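
A pre-flight check for the server-side steps above, added here as an example; it is not part of the bug report or the attached patch. sshd takes the first value it reads for each keyword, so the lines appended with `>>` have no effect if the keyword is already set earlier in the file. The function names `effective_value`, `check_hostbased_server` and `roles_allow_remote` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the bug report). sshd uses the FIRST value it reads
# for each keyword, so a line appended with '>>' is ignored when the keyword
# is already set earlier in the file.

# Print the effective value of KEYWORD in the global section of FILE.
effective_value() {  # usage: effective_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || /^[ \t]*$/ { next }     # skip comments and blank lines
        {
            line = $0; sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]/)         # keyword ends at blank or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + 1)
            gsub(/^[ \t=]+|[ \t]+$/, "", val)
            if (key == "match") exit          # global section ends here
            if (key == want) { print tolower(val); exit }
        }' "$1"
}

# Return 0 only if the file enables host-based auth the way the steps intend.
check_hostbased_server() {  # usage: check_hostbased_server SSHD_CONFIG
    rc=0
    hb=$(effective_value "$1" HostbasedAuthentication)
    ir=$(effective_value "$1" IgnoreRhosts)
    # OpenSSH defaults when a keyword is absent: "no" and "yes" respectively.
    [ "${hb:-no}" = yes ] || { echo "HostbasedAuthentication=${hb:-no}, want yes"; rc=1; }
    [ "${ir:-yes}" = no ] || { echo "IgnoreRhosts=${ir:-yes}, want no"; rc=1; }
    return "$rc"
}

# Return 0 if the account stack in PAM_FILE runs pam_roles.so.1 allow_remote.
roles_allow_remote() {  # usage: roles_allow_remote PAM_FILE
    awk '$1 == "account" && $3 == "pam_roles.so.1" {
             for (i = 4; i <= NF; i++) if ($i == "allow_remote") found = 1
         }
         END { exit !found }' "$1"
}

# Usage on the server from the steps above:
#   check_hostbased_server /etc/ssh/sshd_config
#   roles_allow_remote /etc/pam.d/sshd-hostbased
```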